archiving documents in electronic format

Transcription

1 LAW No. 135 of May 15 th 2007 on archiving documents in electronic format ISSUER: THE PARLIAMENT OF ROMANIA PUBLISHED WITH: THE OFFICIAL GAZETTE NO. 345 of May 22 nd 2007 The Parliament of Romania passes this law. CHAP. 1 GENERAL PROVISIONS ART. 1 This law regulates the generation, storage, access and use of electronic documents archived or that are to be archived in electronic archives. ART. 2 The archiving processing of electronic documents is performed in compliance with the provisions under the National Archives Law no. 16/1996, as further amended and supplemented, as well as with the regulations in force on the storage, access and security of public or private information. CHAP. 2 - DEFINITIONS ART. 3 For the purposes of this law, the terms and notions below shall be understood as follows: 1. a) electronic archives administrator natural or legal person accredited by the specialized regulatory and monitoring authority to administer the electronic archiving system and the documents archived in the electronic archives; 2. b) electronic archives the electronic archiving system, along with all archived electronic documents; 3. c) electronic archiving services provider any and all natural or legal persons, accredited to provide electronic archiving services; 4. d) storage medium any and all media allowing for the writing or reproducing of

2 electronic documents; 5. e) electronic message electronic document including identification data on the sender, receiver, as well as on the sending time, created in order to remotely send information using electronic means; 6. f) document access terms the access level allowed by the holder of the right to dispose of the document; 7. g) electronic archiving system electronic IT system dedicated to the collection, storage, organization and categorizing of electronic documents in order to store, access and edit them; 8. h) holder of the right to dispose of the document natural or legal person owner or, as the case may be, issuer of the document, entitled to set and change the document access terms, according to the laws in force. CAP. 3 PROVISION OF ELECTRONIC DOCUMENTS ARCHIVING SERVICES ART. 4 Any and all individual or legal persons are entitled to submit electronic documents for storage in electronic archives, according to the provisions under this law. ART. 5 The provision of electronic archiving services is not subject to prior authorization and is carried out according to the principles of free and loyal competition, in compliance with the regulations in force. ART (1) 30 days prior to the commencement of electronic documents archiving operations, the parties intending to supply electronic archiving services are bound to inform the specialized regulatory and monitoring authority on the commencement date of such operations. 2. (2) Once the notification stipulated under paragraph (1) is sent, the electronic archives administrator is bound to communicate to the specialized regulatory and monitoring

3 authority all information related to the security and preservation procedure employed, as well as on any and all information requested by the specialized regulatory and monitoring authority. 3. (3) The electronic archives administrator shall be bound to inform the specialized regulatory and monitoring authority, at least 10 days in advance, on any and all intentions to change the security and storage procedures, indicating the date and time on which the modification is to be implemented. The administrator shall also be bound to confirm the respective modification, within 24 hours. 4. (4) In emergency situations, where the security of archiving services is affected, the electronic archives administrator may modify the security and storage procedure, informing the specialized monitoring and regulatory authority, within 24 hours, on the changes performed and the grounds of the decision made. 5. (5) The electronic archives administrator shall be bound to observe, in the performance of its activity, the security and storage procedures declared according to para. (2) - (4). CAP. 4 GENERATION OF ELECTRONIC ARCHIVES ART. 7 The inclusion of electronic documents in electronic archives is subject to the observance of the following requirements: 1. a) the electronic documents shall be signed using the electronic signature of the holder of the right to dispose of the document, hereinafter referred to as electronic signature; 2. b) the electronic signature of the holder of the right to dispose of the document shall be valid; 3. c) the submission of the encryption and decryption key for all encrypted documents subject to the National Archives Laws no. 16/1996, as further amended and supplemented; 4. d) transmission of information stipulated under art. 8 para. (2).

4 ART (1) The electronic document compliant with the provisions under art. 7 shall be electronically signed by the electronic archives administrator, using an electronic signature that shall also attest the value of the respective document as an original or copy, according to the decision of the right to dispose of the document. The electronic document thus identified shall be stored in the location set by the electronic archives administrator. 2. (2) The electronic archives administrator shall attach, for each archived electronic document, an electronic sheet, including the following information: 1. a) the owner of the electronic document; 2. b) the issuer of the electronic document; 3. c) the holder of the right to dispose of the document; 4. d) the history of the electronic document; 5. e) the type of electronic document; 6. f) the classification level of the electronic document; 7. g) the digital format the electronic document is archived in; 8. h) the key words required for the identification of the electronic document; 9. i) physical storage medium localization elements; 10. j) sole identifier of the electronic document within the electronic archives; 11. k) document's issue date; 12. l) archiving date; 13. m) document s maintenance term. 3. (3) If the electronic document was generated through the transfer of information from analog to a digital support, the sheet shall include the following additional information: 1. a) references to the owner of the original and the location of the original; 2. b) transfer method used; 3. c) hardware used; 4. d) software used.

5 ART (1) The electronic archives administrator shall be bound to register and maintain the records of all electronic documents in the electronic archives, in an electronic register. 2. (2) The electronic archives register shall be accessible for the public only for the documents for which the holder of the right to dispose of the document has set the public access option. 3. (3) The reference in the archives register to a classified document can be obtained depending on the applicant s access rights. ART (1) The electronic archives administrator shall hold the financial resources required to cover the prejudice that could incur in the performance of the electronic archiving operations. The protection method shall be set through a decision of the specialized regulatory and supervision authority. 2. (2) If the electronic archives include or shall include classified documents, the electronic archives administrator shall observe the legal conditions on the protection of classified information. ART. 11 The sheet accompanying the document shall be archived separately from the document and recorded in the electronic archives register. If the sheet refers to a classified document, the register reference shall be encrypted.

6 CAP. 5 ELECTRONIC ARCHIVES STORAGE ART (1) The electronic archives administrator is bound to maintain the source code of all software used in the development and use of electronic archives, in electronically signed and classified files, as the case may be. 2.(2) The electronic archives administrator is bound to submit with the National Archives a copy of the code source of any and all software used in the development and use of the electronic archives. 3. (3) If the electronic archives administrator does not the source code, the provisions under para. (1) and (2) shall apply for the exe source code. ART (1) The electronic archives administrator shall be bound to provide maintenance and software allowing for the conversion of any and all electronic documents, archived in the format in which it was generated, into a format allowing for viewing, reproduction and storage of the respective document, according to the commonly used technologies. 2.(2) If a document generated in a format that cannot be identified by the products in the algorithms and software library is archived, the electronic archives administrator shall be bound to add in the library a description of the format thereof upon archiving, as well as the software with which the document was generated and can be viewed. CAP. 6 ACCESSING ELECTRONIC ARCHIVES ART (1) The electronic documents access conditions, as well as the editing thereof shall be exclusively set by the holder of the right to dispose of the document, through an act, to be signed both by the holder of the right to dispose of the document, and by the electronic archives administrator.

7 2. (2) The electronic document access conditions, set according to paragraph (1), shall be included in the document s electronic sheet, and the act setting these conditions, electronically generated or converted into electronic format, shall be attached to the archived document. 3. (3) The electronic archives' administrator is bound to observe the document access conditions, set according to para. (1), both upon archiving and upon the granting of access to the electronic document in the archives. 4. (4) The liability for setting the access conditions to an electronic document exclusively rests with the holder of the right to dispose of the document, and the liability for the observance of the electronic document access conditions, both upon archiving and upon the granting of the right to access the document, rests with the electronic archives administrator. ART. 15 The electronic archives administrator shall ensure the permanent or upon request access, for each electronic document, according to the provisions under art. 14 and the laws in force. ART. 16 The electronic archived administrator has the following obligations: 1. a) to maintain the electronic archives; 2. b) to generate backup electronic archives, including all archived electronic documents and which is permanently updated off-line; 3. c) to use a homologated security system, guaranteeing for the integrity, security and, if applicable, confidentiality of archived electronic documents; 4. d) to ensure the viewing of any and all electronic documents in the archives; 5. e) to ensure the destruction of documents the archiving period whereof expired; 6. f) to notify the specialized regulatory and monitoring authority, at least 60 days in advance, on the intention to terminate activity, except for force majeure events. In this latter case, the electronic archives administrator is bound to transfer the electronic archives to another electronic archiving services provider, with the approval of the

8 specialized regulatory and supervision authority. ART (1) Electronic archives are stored in datacenters subjected to prior authorization, in compliance with the legal norms in force on the assurance of: 1. a) integrity and security of electronic documents; 2. b) security and integrity of the area occupied by the equipment hosting the electronic archives; 3. c) recovery of information pursuant to natural disaster, according to the regulations in force. 2. (2) Within 90 days from the enforcement date of this law, the competent regulatory and supervising authority shall issue methodology norms on the authorization of datacenters. CAP. 7 OFFENCES AND CONTRAVENTIONS ART. 18 Failure to observe the provisions under this law triggers, as the case may be, contraventional, civil or criminal liability. ART. 19 The disclosure of the encryption key by the electronic archives administrator represents an offence and it is punished with imprisonment, ranging between 1 and 3 years. ART. 20 Unauthorized access to the documents in the electronic archives constitutes offence and is punished with imprisonment ranging between 3 months and 3 years. ART. 21 Unauthorized copying of the documents in the electronic archives represents offence and is punished with imprisonment ranging between 1 and 12 years. ART. 22 Unauthorized editing of the documents in the electronic archives represents offence and is

9 punished with imprisonment ranging between 1 and 15 years. ART. 23 The destruction of the electronic archives represents offence and is punished with imprisonment ranging between 6 and 15 years. ART. 24 According to the law, if the electronic administrator s failure to comply with the provisions under art. 6, 8, 9, 11, 15 and 16 does not represent an offence, it shall be regarded as contravention. ART. 25 The cases of contravention under art. 24 shall be sanctions with fees ranging between 3,000 RON and 10,000 RON. ART (1) The acknowledgement of the cases of contravention and the application of the sanctions stipulated under this chapter rest with the management personnel within the specialized regulatory and monitoring authority. 2. (2) The provisions under the Government Ordinance no. 2/2001 regulating cases of contravention, approved as further amended and supplemented through the Law no. 180/2002, as further amended and supplemented shall apply to the cases of contravention stipulated under this chapter. ART (1) The liability for the application of the provisions under this law and of the related regulations rests with the specialized regulatory and monitoring authority, stipulated under chapter IV from the Law no. 455/2001 on electronic signatures. 2. (2) Within 3 months from the enforcement date of this law, the specialized regulatory and monitoring authority, together with the National Archives, shall draft regulations and methodologies for the application of this law, the procedure for the granting, suspension, withdrawal of the electronic archives administrator accreditation decision, as well as of the datacenters' authorizations.

10 This law was passed by the Parliament of Romania, in compliance with the provisions under art. 75 and 76 paragraph (1) from the Romanian Constitution, as republished. PRESIDENT OF THE CHAMBER OF DEPUTIES BOGDAN OLTEANU PRESIDENT OF THE SENATE NICOLAE VĂCĂROIU Bucharest, May 15 th 2007 No. 135

LAW no. 455 on July 18, 2001 on electronic signature The Parliament of Romania adopts this law. CHAPTER I: General Provisions SECTION 1: General Principles Art. 1. This law regulates the legal status of

2014-03-17 OBJECTS AND REASONS This Bill would amend the Electronic Transactions Act, Cap. 308B to make provision for the improvement of the administration of the Act. 2 Arrangement of Sections 1. 2. 3.

People s Advocate Romanian College of Physicians No. 1949/12 February 2015 No. 1242/12 February 2015 PROTOCOL No. 3 from 12 February 2015 Regarding the collaboration aiming to fulfil the responsibilities

Decree Law No. ( ) of 2011 on Electronic Transactions Law Decree Law No. ( ) of 2011 on Electronic Transactions Law We, President of the State of Palestine Chairman of the Executive Committee of the Palestine

This Business Associate Agreement Is Related To and a Part of the Following Underlying Agreement: Effective Date of Underlying Agreement: Vendor: Business Associate Agreement This Business Associate Agreement

HIPAA BUSINESS ASSOCIATE AGREEMENT THIS HIPAA BUSINESS ASSOCIATE AGREEMENT ( BAA ) is entered into effective the day of, 20 ( Effective Date ), by and between the Regents of the University of Michigan,

LAWS OF MALAYSIA Act 680 ELECTRONIC GOVERNMENT ACTIVITIES ACT 2007 ARRANGEMENT OF SECTIONS PART I PRELIMINARY Section 1. Short title and commencement 2. Application 3. Use not mandatory 4. Reference to

LAW OF GEORGIA ON ELECTRONIC SIGNATURES AND ELECTRONIC DOCUMENTS Article 1 - Purpose and scope of the law 1. This Law establishes a legal framework for electronic document flow systems and the use of electronic

School/Unit: Rowan University School of Osteopathic Medicine Vendor: Business Associate Agreement Involving the Access to Protected Health Information This Business Associate Agreement ( BAA ) is entered

Act on Insurance Mediation and Reinsurance Mediation The full wording of Act No. 340/2005 Coll. dated 23 June 2005 on insurance mediation and resinsurance mediation and on amendments to certain laws, as

SAMPLE BUSINESS ASSOCIATE AGREEMENT This is a draft business associate agreement based on the template provided by HHS. It is not intended to be used as is and you should only use the agreement after you

Published in the Gazette of the Parliament of Georgia (November 19, 1996) Law of Georgia On Normative Acts Chapter I General Provisions Article 1 This Law shall define the types and hierarchy of normative

APPROVED by the Board of Directors of OAO TMK Minutes dated «19» December 2011 Regulations on Insider Information of OAO TMK (new version) I. GENERAL TERMS AND DEFINITIONS For the purposes of these Regulations

Information for Agents and Brokers Regarding the HIPAA Business Associate Agreement You may be aware that the Health Insurance Portability and Accountability Act of 1996 ( HIPAA ) requires health plans

HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ("BA AGREEMENT") supplements and is made a part of any and all agreements entered into by and between The Regents of the University

HIPAA BUSINESS ASSOCIATE AGREEMENT THIS BUSINESS ASSOCIATE AGREEMENT ( Agreement ), entered into and effective this day of,, is by and between ( Business Associate ) and Black, Gould & Associates, Inc.

This English translation of the ACT ON ELECTRONIC SIGNATURES AND CERTIFICATION BUSINESS Effective April 1, 2001 has been prepared in compliance with the Standard Bilingual Dictionary March 2006 edition.

Software Maintenance & Support Agreement This agreement ( Support Agreement, Software Assurance, Agreement ) is for the purpose of defining the terms and conditions under which Technical Support, Maintenance

THE REGULATION OF INTERCEPTION OF COMMUNICATIONS BILL, 2007 ARRANGEMENT OF CLAUSES. PART I - PRELIMINARY Clause. 1. Interpretation. PART II - CONTROL OF INTERCEPTION AND ESTABLISHMENT OF A MONITORING CENTRE

Maintenance and Support Agreement Version date 2013 Inventive Designers www.inventivedesigners.com This Software Maintenance and Support Agreement ( Agreement ), effective on the date of the last signature

Methodological Norms of 9 September 2004 (*updated*9) for the enforcement of Government Ordinance no. 44/2004 on the Social Integration of Aliens Who Were Granted a Form of Protection or a residence permit

ELECTRONIC COMMERCE AND ELECTRONIC SIGNATURE ACT (ZEPEP-UPB1) (Official consolidated text) On basis of article 153 of the National Assembly of Slovenia Rules of Procedure the National Assembly of the Republic

Nº B9-06-234 Pro Kor Article 1.- PRAKAS On Clearing System of Settlement Payment 3 Definitions stated in Article 2 of the NIPTL are incorporated into this Prakas, unless hereafter modified or where the

THE REPUBLIC OF ARMENIA LAW ON ACCOUNTING Adopted 26.12.2002 Article 1. Purpose of the Law CHAPTER 1 GENERAL PROVISIONS This Law defines a uniform basis for the organization and execution of accounting,

POLICY ON PRESERVATION OF DOCUMENTS [Pursuant to Regulation 9 of the Securities and Exchange Board of India, (Listing Obligations and Disclosure Requirements) Regulations, 2015)] EFFECTIVE DATE AND POLICY

Law on the electronic signature 94.0 Notice This English translation has no official character. The only authentic texts are the German, French and Italian versions published in the Official Compendium

CZECH REPUBLIC ACT ON BONDS Important Disclaimer This translation has been generously provided by the Czech National Bank. This does not constitute an official translation and the translator and the EBRD

Identity Cards Act 2006 CHAPTER 15 Explanatory Notes have been produced to assist in the understanding of this Act and are available separately 6 50 Identity Cards Act 2006 CHAPTER 15 CONTENTS Registration

Law No. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data, amended and completed The Romanian Parliament adopts the present law.

BUSINESS ASSOCIATE AGREEMENT This Business Associate Agreement (the Agreement ) is by and between ( Covered Entity )and CONEX Med Pro Systems ( Business Associate ). This Agreement has been attached to,

1 SMDG-Interchange EDI - Understanding This draft is the result of work carried out by a SMDG-Subgroup. It was set up mainly on TEDIS drafts (May 1991/January 1994) but ideas and comments of EDI Council

(As it has effect at 1st June 1999) Copyright Treasury of the Isle of Man Crown Copyright reserved The text of this legislation is subject to Crown Copyright protection. It may be copied free of charge

27 July 2006 No.152-FZ RUSSIAN FEDERATION FEDERAL LAW PERSONAL DATA (as amended by Federal Law of 25.11.2009 No.266-FZ) Article 1. Scope of This Federal Law Chapter 1. GENERAL Adopted by The State Duma

Number 27 of 2000 ELECTRONIC COMMERCE ACT, 2000 ARRANGEMENT OF SECTIONS PART 1 Preliminary and General Section 1. Short title and commencement. 2. Interpretation. 3. Regulations. 4. Laying of orders and

IMPORTANT NOTICES: CLAIMS MADE POLICY This Proposal is for a policy issued by ProRisk on a claims made and notified basis. This means that the policy only covers claims first made against you during the

HIPAA BUSINESS ASSOCIATE AGREEMENT This HIPAA Business Associate Agreement ( Agreement ) is by and between ( Covered Entity ) and Xelex Digital, LLC ( Business Associate ), and is effective as of. WHEREAS,

SHARE TRADING POLICY 1 PURPOSE 1.1 SCOPE This policy summarises the law relating to insider trading and sets out the Company s trading policy on buying and selling securities of the Company including shares,

GmbH NOTE: The information contained in this document is the property of TC TrustCenter GmbH. This document may not be copied, distributed, used, stored or transmitted in any form or by any means, whether

PARLIAMENT OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA ELECTRONIC TRANSACTIONS ACT, No. 19 OF 2006 [Certified on 19th May, 2006] Printed on the Order of Government Published as a Supplement to Part

REGULATION (EEC) No 2309/93 Council Regulation (EEC) No 2309/93 of 22 July 1993 laying down Community procedures for the authorization and supervision of medicinal products for human and veterinary use

RECORDS MANAGEMENT POLICY POLICY STATEMENT The records of Legal Aid NSW are a major component of its corporate memory and risk management strategies. They are a vital asset that support ongoing operations

TERMS OF USE FOR PUBLIC LAW CORPORATION PERSONAL CERTIFICATES FOR QUALIFIED DIGITAL SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information

SHP-570A 1/14 SECURITY and MANAGEMENT CONTROL OUTSOURCING STANDARD For NON-CHANNELERS The goal of this document is to provide adequate security and integrity for criminal history record information (CHRI)

BEFORE THE BOARD OF COUNTY COMMISSIONERS FOR MULTNOMAH COUNTY, OREGON RESOLUTION NO. 05-050 Adopting Multnomah County HIPAA Security Policies and Directing the Appointment of Information System Security

Business Associate Agreement I. Definitions Catch-all definition: The following terms used in this Agreement shall have the same meaning as those terms in the HIPAA Rules: Breach, Data Aggregation, Designated

HIPAA Information Who does HIPAA apply to? HIPAA applies to all Covered Entities (entities that collect, access, use and/or disclose Protected Health Data (PHI) and are subject to HIPAA regulations). What

1 Agreement about the access to data of details of wholesale energy transactions executed at HUPX Market required for data reporting based on REMIT (type A2) (hereinafter: Agreement ) concluded between

BENTON COUNTY PERSONAL SERVICES CONTRACT This is an agreement by and between BENTON COUNTY, OREGON, a political subdivision of the State of Oregon, hereinafter called COUNTY, and, hereinafter called CONTRACTOR.

Qualified Electronic Signatures Act (SFS 2000:832) The following is hereby enacted 1 Introductory provision 1 The purpose of this Act is to facilitate the use of electronic signatures, through provisions

TERMS OF USE FOR TITLE CERTIFICATES FOR ELECTRONIC SIGNATURE Prior to the verification of the electronic certificate, or to access or use the certificate status information and other information contained

DRAFT BUSINESS ASSOCIATES AGREEMENT THIS AGREEMENT is made this day of, 20, by and among, a Corporation organized under the laws of the State of (hereinafter known as "Covered Entity") and organized under

LAW ON THE PROTECTOR OF HUMAN RIGHTS AND FREEDOMS Podgorica, July 2003 LAW ON THE PROTECTOR OF HUMAN RIGHTS AND FREEDOMS I BASIC PROVISIONS Article 1 Establishing the Protector of Human Rights and Freedoms

GENERAL ADMINISTRATIVE LAW ACT Text as per 1 October 2009, incorporating the following bills and legislative proposals: Penalty and appeal in case of failure to take a timely decision (29 934) Fourth tranche